From 39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2 Mon Sep 17 00:00:00 2001 From: Lukasz Kasprzak Date: Fri, 20 Mar 2026 19:16:32 +0100 Subject: feat: first fully successful run e2e on straper --- straper/db/public/apparmor/apparmor.d/tunables/etc | 28 ++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 straper/db/public/apparmor/apparmor.d/tunables/etc (limited to 'straper/db/public/apparmor/apparmor.d/tunables/etc') diff --git a/straper/db/public/apparmor/apparmor.d/tunables/etc b/straper/db/public/apparmor/apparmor.d/tunables/etc new file mode 100644 index 0000000..353cb57 --- /dev/null +++ b/straper/db/public/apparmor/apparmor.d/tunables/etc @@ -0,0 +1,28 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2020 Christian Boltz +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + +# @{etc_ro} contains a space-separated list of the system configuration directories. +# Traditionally this means /etc/, but when using a read-only / filesystem and/or +# with the goal of having only user-modified config files in /etc/, directories +# like /usr/etc/ get introduced for storing the default config. + +# @{etc_ro} contains directories with configuration files, including read-only directories. +# Do not use @{etc_ro} in rules that allow write access. +@{etc_ro}=/etc/ /usr/etc/ + +# @{etc_rw} contains directories where writing to configuration files is allowed. +# @{etc_rw} should always be a subset of @{etc_ro}. +# +# Only use @{etc_rw} if the profile allows writing to a configuration file. +# For rules that only allows read access, use @{etc_ro}. +@{etc_rw}=/etc/ + +# Also, include files in tunables/etc.d for site-specific adjustments +include if exists -- cgit v1.3